Skip to content
Snippets Groups Projects
Commit d82687aa authored by Hangzhi Yu's avatar Hangzhi Yu
Browse files

Move permission check when editing substitutions

parent e63a6939
No related branches found
No related tags found
1 merge request!397Resolve "Documentation is created before permission check"
Pipeline #192087 failed
Stage: prepare
Stage: test
Stage: build
Stage: publish
Stage: docker
Hide whitespace changes
Inline Side-by-side
aleksis/apps/alsijil/models.py
+ 4
1
View file @ d82687aa
...@@ -709,7 +709,10 @@ class Documentation(CalendarEvent): ...@@ -709,7 +709,10 @@ class Documentation(CalendarEvent):
*cls.parse_dummy(_id), *cls.parse_dummy(_id),
), True ), True
return cls.objects.get(id=_id), False obj = cls.objects.get(id=_id)
if not user.has_perm("alsijil.edit_documentation_rule", obj):
raise PermissionDenied()
return obj, False
def touch(self): def touch(self):
"""Ensure that participation statuses are created for this documentation.""" """Ensure that participation statuses are created for this documentation."""
......
aleksis/apps/alsijil/schema/documentation.py
+ 0
3
View file @ d82687aa
...@@ -110,9 +110,6 @@ class DocumentationBatchCreateOrUpdateMutation(graphene.Mutation): ...@@ -110,9 +110,6 @@ class DocumentationBatchCreateOrUpdateMutation(graphene.Mutation):
# is only introduced in Django 5.0 # is only introduced in Django 5.0
obj, __ = Documentation.get_or_create_by_id(_id, info.context.user) obj, __ = Documentation.get_or_create_by_id(_id, info.context.user)
if not info.context.user.has_perm("alsijil.edit_documentation_rule", obj):
raise PermissionDenied()
if doc.topic is not None: if doc.topic is not None:
obj.topic = doc.topic obj.topic = doc.topic
if doc.homework is not None: if doc.homework is not None:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment